Ferry Haris

Good looking Trust Page you have here. Few follow-up questions, maybe suggestions: 1. Are you planning to get ISO 27001 or SOC 2 yourself? Depends on who your target is, this question might come sooner than you might expected. 2. Since you said you are GDPR compliant, I cannot see the sub-processors list. 3. Perhaps completing CSA CAIQ yourself and upload it there also helps potential customers to already review what you have and what you don't have.

The past days we are busy mapping some evidence to ISO 27001 and SOC 2 controls for 2 startups, so they can focus on building their products and serve customers. At https://t.co/4HXsQ55IPd, for companies <50 employees, we bundle software + consultant + internal audit + (optional) pentest. Why? Because we know these companies don't have time to work on compliance and yet they still want to do things right. So, we help them from A-Z. Do you think your small business can benefit from such bundled service as well? Hit me up!

In my experience working with small businesses, mid-size companies, and enterprises, having beautifully written and formatted documents (policy, procedure, etc.) means nothing when ❌People don't read them ❌People don't understand them ❌And the worst part is people don't do them And the sad part is this happens in all sort of "mature" regulated companies and certifiable companies, whether ISO 27001 or SOC 2. Time and time again the reality has proven that all certificates in the world don't really mean what they are supposedly mean. ISO 27001 / SOC 2 doesn't mean the companies are secured. If that's the reality we live in, then why we keep pushing the process around certificates, audits, etc. when actually it means nothing? Just me babbling to myself while waiting for my daughter practice her musical performance.